Federal Auditors Question Access Health CT's Internal Controls

Federal auditors reported Tuesday that they had found deficiencies in the internal controls used by the health insurance exchanges run by Connecticut, California and the federal government.

The problems could have limited the marketplaces' ability to prevent people from using inaccurate or fraudulent information when applying for coverage as part of the health law commonly known as Obamacare, the auditors said.

Connecticut's exchange, Access Health CT, inaccurately determined that several hundred applicants were eligible for federal assistance in paying insurance premiums or health care costs, failed to promptly send enrollment information from 139 customers to insurers, and didn't always verify the identity of people who use the exchange's call center in accordance with federal guidance, the auditors reported.

Steven Sigal, Access Health's chief financial officer, said the exchange had already found and fixed most of the problems the auditors reported — a sign, he said, that the organization had appropriate controls in place.

"We didn't think we had very serious problems, and we certainly don't think we had inadequate controls because of all the mitigations we were doing," he said. "And we continue to be vigilant because we're still solving issues for people as they go through the process."

Because the exchange's system was developed in a short time to meet deadlines, Sigal said, staff was vigilant in reviewing the data it was generating.

"This thing has got a lot of pimples and blemishes," Sigal said. "We basically put together in 10 months what [in] a normal systems development life cycle would take three years, so we were keenly examining and reviewing everything that went on. Some of the things that [the auditors] found were a byproduct of our caution."

The issues were identified as part of an audit that the U.S. Department of Health and Human Service's Office of Inspector General conducted on three exchanges: Access Health CT; the federal marketplace used by 36 states; and California's exchange, Covered California. Congress required the auditors to report on the effectiveness of safeguards to prevent people from submitting inaccurate or fraudulent data when applying for health insurance.

In addition to citing issues with each exchange that they examined, the auditors raised questions about exchanges' ability to verify applicants' residency and family size after finding that the three exchanges relied solely on the information that applicants provided.

According to the auditors' report, Access Health officials said that the federal government had not identified a data source to use to verify applicants' residency, although the exchange said it verifies that the addresses people give are valid.

In addition, the report noted that exchanges rely on applicants' information about family size without verifying it. The federal Centers for Medicare and Medicaid Services, which oversees the exchanges, had planned to use data from the Internal Revenue Service to verify family size but determined that it might not correspond to actual family size, according to the auditors.

The audit identified three areas of deficiency in the internal controls used by federal and Connecticut exchanges, and five in California's exchange, as well as additional issues that weren't directly related to internal controls. The examination covered October through December 2013, the first three months of the open enrollment period for health plans sold by the exchanges.

The auditors noted that the deficiencies they found don't necessarily mean that people enrolled in coverage improperly because other mechanisms exist that could remedy problems.

In the period covered by the audit, 34,095 people signed up for private insurance through Access Health, but some had problems, according to the audit report.

There were 223 people who were eligible for Medicaid, but Access Health inaccurately determined that they were eligible to buy private insurance with financial aid from the federal government. The exchange also inaccurately determined that 619 people who selected catastrophic health plans were eligible for federal help in reducing their deductibles and other out-of-pocket costs, even though those discounts cannot be used on catastrophic plans.

Access Health officials said they found soon after open enrollment began that the system was determining that some applicants were eligible for both Medicaid and discounted private insurance if changes were made to their applications after they were submitted. The exchange said the issue was corrected on Dec. 21, before anyone's coverage began. Sigal said that people were contacted and asked to re-enroll.

Sigal said the problem with catastrophic plans occurred because of a coding error that was later fixed. The auditors reported that customers weren't affected because the insurance companies didn't apply the cost-sharing reductions to the plans.

According to the auditors, this problem occurred because the exchange staff identified issues with the applications but didn't inform the staff responsible for correcting the issues. Some applicants later told the exchange that insurers hadn't received their information, the auditors wrote.

Access Health ultimately resolved the issues for 121 of the applicants and sent their information to the insurers, but the exchange was unable to reach the other 18 despite making three attempts.

Sigal said the applicant information was held back from the carriers so that exchange staff could address the problems in the files. He said he didn't know if the people responsible for fixing the files hadn't been informed about them, as the auditors reported.

There was "a lot of stuff going on here while we were trying to scramble, get people enrolled," he said. "They may have keyed in on some of the controlled chaos that was happening."

The auditors also took issue with the way that Connecticut handles applicants' calls. Federal guidance calls for state exchanges to conduct "identity proofing" before accepting phone or online applications to ensure that the right person has access to restricted data. In the case of one applicant who applied by phone, and whose case was examined by the auditors, Access Health didn't perform identity proofing in accordance with the federal guidance, the auditors wrote.

Sigal said the exchange decided not to verify new applicants' identities at the beginning of a phone call because it would slow down the process. Sometimes, people call because they are having trouble using the exchange's website, and having to go through identity proofing first would have made the phone call and wait times longer, Sigal said.

"You can't begin to solve their issue if you're going to have difficulty right away with identity proofing," he said.

But exchange officials noted that people's identity is verified when they submit their applications. And if someone calls back after submitting an application, identity proofing is done, they said.

After reviewing Access Health's response, the auditors said they stood by their recommendation that the exchange develop a procedure to perform identity proofing of phone applicants consistent with federal guidance.

This story originally appeared at CTMirror.org, the website of The Connecticut Mirror, an independent, nonprofit news organization covering government, politics and public policy in the state.